Handle other permission group types

[cwperks]

Description

Slightly updates the logic for calculating Other permission groups in the permissions dropdowns to ensure that groups with type not belonging to ['cluster', 'index', 'kibana'] are accounted for. The linked PR handles the case for custom action groups where type is never assigned, but doesn't account for the static action group unlimited that belongs to the "all" type. This is the only pre-defined action group that does not belong to cluster, index or kibana type.

Category

Bug fix

Issues Resolved

Related PR and issue:

• Fix bug where custom permission groups are missing #1636
• [BUG] Impossible to add customized permission group to a role #1597

Testing

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (09b2f59) 67.09% compared to head (354b2e0) 67.09%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1715   +/-   ##
=======================================
  Coverage   67.09%   67.09%           
=======================================
  Files          94       94           
  Lines        2404     2404           
  Branches      318      318           
=======================================
  Hits         1613     1613           
  Misses        713      713           
  Partials       78       78           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[peternied]

Thanks for this change.

The underlying bug is pretty bad worse as action groups are customizable. In the distribution we have a set that we include by default, but they can be customized by the cluster operators to whatever they'd like. Unknowingly action groups might have been created that were hidden from the UX.

[derek-ho]

Ah I missed this - I thought they would just use * for all access?

[cwperks]

@derek-ho I just checked on the UI and its not possible to assign cluster or index permissions unless they appear in the dropdown so its not possible to assign * from the UI directly.

I wonder if it should allow wildcard matches as long as the value entered matches at least 1 action.